Scanning URLs at scale for exposed secrets is critical for organizations today.
It requires reliable tools and solid security hygiene, not AI superpowers 😉. Secrets scanning is now a must-have.
🚨 We recently discovered that an unauthorized party obtained a token with access to the Grafana Labs GitHub environment, enabling the threat actor to download our codebase. (1/6)
@yeswehack @trufflesec And vibe-coded web apps are making this worse. Detecting secrets in HTTP responses is valuable (especially for bug hunters!) and an absolute win for organizations is catching exposure continuously even before it hits a live environment.
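How a scanner picks token-shaped secrets out of an HTTP response body, as an added example (this is not SecretsBuster's code). The regexes are assumptions about each credential's public format (Google `AIza` keys, OpenAI `sk-` keys, Zapier catch hooks, Algolia keys named near the word "algolia"), the entropy threshold is an assumption that drops placeholder strings of the right shape, and `SAMPLE_JS` is a constructed bundle with no real credentials in it.

```python
# Added example (not SecretsBuster's code): scan an HTTP response body for the
# token-shaped secrets named in these posts. The regexes are assumptions about
# each credential's public format, and SAMPLE_JS is a constructed bundle.
import json
import math
import re
from collections import Counter
from dataclasses import asdict, dataclass

# Assumed formats: Google keys are "AIza" + 35 URL-safe chars; OpenAI keys start
# with "sk-" (optionally "sk-proj-"); Zapier catch hooks have a fixed host/path;
# Algolia keys are 32 hex chars, matched only when an "algolia...key" name precedes them.
PATTERNS = {
    "google_api_key": re.compile(r"\b(AIza[0-9A-Za-z_-]{35})\b"),
    "openai_api_key": re.compile(r"\b(sk-(?:proj-)?[A-Za-z0-9_-]{20,})\b"),
    "zapier_webhook": re.compile(r"(https://hooks\.zapier\.com/hooks/catch/\d+/[A-Za-z0-9]+/?)"),
    "algolia_api_key": re.compile(
        r"algolia\w*?(?:api_?key|key)[\"']?\s*[:=]\s*[\"']([0-9a-f]{32})[\"']", re.I),
}
MIN_ENTROPY = 3.0  # assumption: real keys score well above this; "AAAA..." placeholders do not


@dataclass
class Finding:
    kind: str
    value: str     # full value, kept so the key can be verified against its service
    masked: str    # what goes into reports and tickets
    line: int
    entropy: float


def shannon_entropy(s: str) -> float:
    """Bits per character; filters fake keys that only look like the right shape."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def mask(value: str) -> str:
    return value[:6] + "..." + value[-4:] if len(value) > 12 else "***"


def scan_body(body: str, min_entropy: float = MIN_ENTROPY) -> list:
    """Run every pattern over the body; dedupe; drop low-entropy matches; sort by line."""
    findings, seen = [], set()
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(body):
            value = m.group(1)
            if (kind, value) in seen:
                continue
            entropy = shannon_entropy(value)
            if entropy < min_entropy:
                continue  # e.g. "AIzaSyAAAA...": right shape, not a real key
            seen.add((kind, value))
            line = body.count("\n", 0, m.start()) + 1
            findings.append(Finding(kind, value, mask(value), line, round(entropy, 2)))
    return sorted(findings, key=lambda f: f.line)


def report(findings: list) -> str:
    """JSON report with the raw value dropped; hand the Finding objects to a verifier instead."""
    return json.dumps(
        [{k: v for k, v in asdict(f).items() if k != "value"} for f in findings], indent=2)


# Constructed sample bundle; none of these credentials are real.
SAMPLE_JS = "\n".join([
    "// app.bundle.js (constructed sample)",
    'const GOOGLE_KEY = "AIzaSyD9f2kQxL7mNpR3tV8wYbC1eG5hJ6kM0nP";',
    'const PLACEHOLDER = "AIzaSy' + "A" * 33 + '";',
    'window.ALGOLIA_APP_ID = "AB12CD34EF";',
    'window.ALGOLIA_API_KEY = "3f7a9c1e5b2d8f4a6c0e9b1d3f5a7c2e";',
    'fetch("https://hooks.zapier.com/hooks/catch/1234567/abcde12/", {method: "POST"});',
    'const openai = new OpenAI({apiKey: "sk-proj-Ab3dEf6gHi9jKl2mNo5pQr8sTu1vWx4yZ"});',
])

if __name__ == "__main__":
    print(report(scan_body(SAMPLE_JS)))
```

Run it against the body of any fetched JS file instead of `SAMPLE_JS`; the placeholder key on line 3 is what the entropy filter exists for, and the masked report is what should end up in a ticket, never the raw value.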
For years, Google API keys (AIza...) had little to no real-world impact.
But recently, many of them unexpectedly gained access to Google Gemini.
curl "https://t.co/w9AaJy4JhU"
This appears to be a widespread misconfiguration that can be hunted in the wild.
@adrielsec @intigriti Congrats! It's often easy to turn Algolia misconfigurations into stored XSS, for example: https://t.co/K7RnETTPtA, making it more critical.
This is such a cool find, but as with everything, validate your API key first!
Always verify that you can:
> Read data that's actually confidential (and not reflected somewhere within your target or intended to be public)
> Write to indexes with a non-intrusive HTMLi/XSS payload
More resources below! 👇
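The "validate your API key first" step above and the earlier Google key / Gemini post, as one added example (not SecretsBuster's code). It assumes two public endpoints: the Gemini "list models" call on `generativelanguage.googleapis.com`, which only succeeds for a key the Generative Language API accepts, and Algolia's "get API key" call at `/1/keys/{key}`, which returns the ACL of the key you authenticate with. The ACL names in `WRITE_ACLS` and `DUMP_ACLS` are assumptions about Algolia's permission vocabulary. The transport is injectable so the triage logic runs offline against canned responses.

```python
# Added example (not SecretsBuster's code): verify what a found key actually
# grants before reporting it. Endpoints are public ones assumed here (Gemini
# "list models", Algolia "get API key"); the transport is injectable so the
# logic can run offline against canned responses.
import json
import urllib.error
import urllib.request

GEMINI_MODELS_URL = "https://generativelanguage.googleapis.com/v1beta/models?key={key}"
ALGOLIA_KEY_URL = "https://{app_id}-dsn.algolia.net/1/keys/{key}"

# Assumed Algolia ACL names; anything in WRITE_ACLS lets the holder change index content.
WRITE_ACLS = {"addObject", "deleteObject", "deleteIndex", "editSettings"}
DUMP_ACLS = {"browse"}  # "search" alone is the intended-public case


def http_get(url, headers=None):
    """Live transport: returns (status, body). Swap in a fake for tests."""
    req = urllib.request.Request(url, headers=headers or {})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def check_gemini_key(key, get=http_get):
    """A key that can list Gemini models can be billed for Gemini calls."""
    status, body = get(GEMINI_MODELS_URL.format(key=key))
    if status != 200:
        return {"service": "gemini", "valid": False, "status": status}
    models = json.loads(body).get("models", [])
    return {"service": "gemini", "valid": True, "models": len(models)}


def check_algolia_key(app_id, key, get=http_get):
    """Read the key's own ACL instead of blindly writing to production indexes."""
    headers = {"X-Algolia-Application-Id": app_id, "X-Algolia-API-Key": key}
    status, body = get(ALGOLIA_KEY_URL.format(app_id=app_id, key=key), headers)
    if status != 200:
        return {"service": "algolia", "valid": False, "status": status}
    acl = set(json.loads(body).get("acl", []))
    can_write = bool(acl & WRITE_ACLS)
    can_dump = bool(acl & DUMP_ACLS)
    if can_write:
        severity = "high"     # index content is rendered by the app: stored HTMLi/XSS
    elif can_dump:
        severity = "medium"   # browse pulls whole indexes, not just search hits
    else:
        severity = "info"     # search-only keys are meant to be public
    return {"service": "algolia", "valid": True, "acl": sorted(acl),
            "can_write": can_write, "can_dump": can_dump, "severity": severity}


if __name__ == "__main__":
    import sys
    # usage: verify_keys.py gemini AIza...   or   verify_keys.py algolia APP_ID KEY
    if sys.argv[1] == "gemini":
        print(check_gemini_key(sys.argv[2]))
    else:
        print(check_algolia_key(sys.argv[2], sys.argv[3]))
```

Reading the ACL settles the "can I write?" question without touching data. If a program asks for proof, add a single object with a unique, harmless marker to a throwaway index and delete it afterwards; the read side is proven by browsing a record that the target does not already expose through its own search UI.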
It found the Firebase config in the JavaScript on the homepage.
Project ID: rentahuman-prod.
One curl -- curl 'https://t.co/yjexNXRCHa'
Returned the full user records.
🚨 Exposed Zapier-style webhook URLs = ticking time bomb!
Bot spam starts small ➡️ escalates to rogue AI workflows ➡️ your cloud/AI bill explodes 💥
Secure your apps now! https://t.co/JluYIQNPBd
We just caught an OpenAI API key hardcoded in a public JavaScript file 🔥
Client-side secrets are way too common… 😬 More information ➡️ https://t.co/cO3Cd5U1tV
#CyberSecurity #AppSec #BugBounty
🚨 Serious security fail
@0xminimals exposed their entire Firebase config
(API key, DB URL, project ID, storage bucket).
The worst part? We're seeing repeated logs like:
“Database updated and keys saved.”
That means the realtime database rules are wide open: anyone can write to it.
Saying “don’t fill any details” after leaking infra doesn’t fix anything.
Once it’s public, it’s public.
Firebase keys aren’t secret by design.
This is what vibe coding without understanding infrastructure looks like.
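The Firebase cases above (the homepage config and the open realtime database) as one added example, not SecretsBuster's code. It extracts a `firebaseConfig` object from a JS bundle, derives the Realtime Database REST URL a tester would probe (the `/.json` REST endpoint and its `shallow=true` parameter are public Firebase features), and lints a rules document for paths whose `.read` or `.write` is literally `true`. The sample bundle and both rule sets are constructed for the demo; the config's `apiKey` is shown precisely because, as the post says, it is not the secret.

```python
# Added example (not SecretsBuster's code): pull a Firebase web config out of a
# JS bundle, derive the Realtime Database REST URL a tester would probe, and
# lint database rules for public read/write. SAMPLE_JS and both rule sets are
# constructed for the demo.
import json
import re

CONFIG_RE = re.compile(r"firebaseConfig\s*=\s*\{(.*?)\}", re.S)
FIELD_RE = re.compile(r"(\w+)\s*:\s*[\"']([^\"']+)[\"']")


def parse_firebase_config(js):
    """Returns the config object as a dict, or None when the bundle has none."""
    m = CONFIG_RE.search(js)
    return dict(FIELD_RE.findall(m.group(1))) if m else None


def rtdb_probe_url(config):
    """REST URL for the database root. shallow=true lists top-level keys without
    downloading the whole tree, which is enough to prove the read is open."""
    url = config.get("databaseURL")
    return f"{url.rstrip('/')}/.json?shallow=true" if url else None


def lint_rules(rules):
    """Paths whose .read or .write is literally true (open to the whole internet)."""
    issues = []

    def walk(node, path):
        for key, val in node.items():
            if key in (".read", ".write"):
                if val is True or (isinstance(val, str) and val.strip().lower() == "true"):
                    issues.append((path or "/", key))
            elif isinstance(val, dict):
                walk(val, f"{path}/{key}")

    walk(rules.get("rules", {}), "")
    return issues


# Constructed bundle: the apiKey identifies the project, it is not a secret.
SAMPLE_JS = """
const firebaseConfig = {
  apiKey: "AIzaSyExampleNotARealKey0000000000000000",
  authDomain: "demo-app.firebaseapp.com",
  databaseURL: "https://demo-app-default-rtdb.firebaseio.com",
  projectId: "demo-app",
  storageBucket: "demo-app.appspot.com"
};
firebase.initializeApp(firebaseConfig);
"""

# The "Database updated and keys saved" situation: every client reads and writes everything.
OPEN_RULES = {"rules": {".read": True, ".write": True}}

# Hardened: each signed-in user reaches only their own subtree; nothing is public.
HARDENED_RULES = {"rules": {"users": {"$uid": {
    ".read": "auth != null && auth.uid == $uid",
    ".write": "auth != null && auth.uid == $uid",
}}}}

if __name__ == "__main__":
    cfg = parse_firebase_config(SAMPLE_JS)
    print(json.dumps(cfg, indent=2))
    print("probe:", rtdb_probe_url(cfg))
    print("open rules issues:", lint_rules(OPEN_RULES))
    print("hardened rules issues:", lint_rules(HARDENED_RULES))
```

A 200 with a key listing from the probe URL, without any `auth` parameter, is the exposure; the fix is in the rules, not in hiding the config, and the linter catches a `"true"` string as well as a boolean because both are accepted by the rules language.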
@moltbook @karpathy @openclaw @supabase I grabbed the API Key from the javascript frontend code and gave it to Claude Code to check if there is anything misconfigured, hoping to not find anything : )
🚨 SecretsBuster Giveaway Update! 🚨
No secrets found yet? Just curious to try our tool for your org? No problem! 🙌
To enter the 1-year "Enthusiast" plan giveaway:
Just RT the original post! 🎉
Random winner picked in 7 days! Good luck! 🍀 #infosec #BugBounty #Pentesting
🚨 SecretsBuster Giveaway! 🚨
Win a 1-year "Enthusiast" plan! 🎉
To enter:
- RT this
- Reply with a sensitive secret type you found during a web app pentest/bug bounty 🔒
Random winner picked in 7 days! #SecretsBuster
🚨 In 2024, we launched https://t.co/JluYIQNPBd to catch secret leaks in web apps.
🔥 Today, our API is live! Plug it into your CI/CD, audits, pentests… and automate your app security.
👉 More about this: https://t.co/AJuHAIACm5
🔑 Get your API key: https://t.co/po9ILqmBEQ
SecretsBuster is our solution to protect web apps from secret leaks. But does it really work?
Discover how we found a critical flaw via our "Responsible Disclosure Program."
Read more: https://t.co/sDalGkS36V
#cybersecurity #infosec #bugbounty
Secret leaks are everywhere 🚨 Popular platforms like HuggingFace Spaces can be a goldmine for bad actors when developers accidentally leak secrets there. What about your own web applications? Start checking it with SecretsBuster now! #appsec #bugbountytips #leaks